Abstract: An optical writing apparatus has a part configured to superpose an unauthorized copy protection pattern on image data; a control part configured to recognize the unauthorized copy protection pattern, correct image data of the unauthorized copy protection pattern in pixel unit, and control a size of an isolated dot included in the unauthorized copy protection pattern; and a writing part configured to write a corresponding image on a photosensitive body based on the thus-corrected image data.

Abstract: Disclosed are various embodiments for inhibiting or preventing automated data extraction from network pages. A source for a network page having a document structure is obtained. An obfuscated network page is generated from the network page by altering the document structure to inhibit automated extraction of data. The obfuscated network page is configured to have a visual appearance that is the same as that of the network page when rendered by a client for display. The obfuscated network page is sent to the client in response to a request from the client for the network page.

Abstract: A method and system are provided for counterfeit prevention for optical media. In one example, a system is provided for verifying authenticity information on an optical medium. The system receives the optical medium including a fingerprint having at least one probabilistic feature. A probabilistic feature is a physical feature having both a substantial chance to be read as a first value and a substantial chance to be read as a second value. The system receives an o-DNA signature-at-issuance. The system calculates an o-DNA signature-at-verification by reading each probabilistic feature plural times. The system calculates a vector-of-differences between the o-DNA signature-at-issuance and the o-DNA signature-at-verification. The vector-of-differences includes a maximum distance metric between the o-DNA signature-at-issuance and the o-DNA signature-at-verification. The vector-of-differences indicates the optical medium is authentic if the maximum distance metric is less than a threshold.

Abstract: An information processing system includes: a client executing acquisition and reproduction of contents; a management server providing the client with content selection information applied for acquisition of contents; and a content providing server receiving the content selection information from the client and providing the content selected in accordance with the content selection information, wherein the content selection information includes content identifiers as identifiers of encrypted contents respectively encrypted by different encryption keys and range information indicating data areas of range data which is configuration data of respective encrypted contents, and the content providing server provides the client with an encrypted content formed by combining range data as partial data of the encrypted contents specified by the content identifiers and the range information.

Abstract: Watermarks may be used to deter certain types of information leaks. In one example, leaks occur in the form of posting, in public forums, screen shots of private pages. To deter this example kind of leak, private web pages within an organization may be watermarked with an experience identifier that identifies the session in which the screen shot is captured. Other information may also be included in the watermark. The watermark may be designed to survive image compression, so that it can be recovered from either a compressed or uncompressed image of the web page. By using an experience identifier recovered from the watermark, and logs that describe activity associated with that experience identifier, it may be possible to identify the source of the information leak.

Abstract: The present invention provides a method and apparatus for the production and labeling of objects in a manner suitable for the prevention and detection of counterfeiting. Thus, the system incorporates a variety of features that make unauthorized reproduction difficult. In addition, the present invention provides a system and method for providing a dynamically reconfigurable watermark, and the use of the watermark to encode a stochastically variable property of the carrier medium for self-authentication purposes.

Abstract: A method of controlled access to content, comprising joining an access sharing network, obtaining a content item from the access sharing network which requires access control data to enable playback, obtaining the access control data, determining from the access control data that a particular other device is authorized to play back the content item, and enabling playback of the content item in accordance with the access control data upon a positive determination that said other device is a member of said access sharing network. Preferably the access control data is used also during a predetermined period of time after making a determination that said other device has ceased to be a member of the access sharing network. Also a device (101) configured to carry out the method.

Abstract: A system and method for installing software on a secure controller without requiring the software to be properly signed. The method includes determining whether a by-pass flag has been set in the controller that identifies whether a file validation procedure is required to install the file and performing a pre-check operation to determine whether predetermined parameters of the file have been satisfied. The method also includes installing the file into a memory in the controller if the pre-check operation has been satisfied. The method further includes determining whether the file has a proper signature and indicating that the signature is proper if the by-pass flag is set and the file does not include a proper signature, and allowing the file to be installed if the signature has been indicated as being proper.

Abstract: A method is provided in one example embodiment and it includes identifying a root term and determining one or more other terms belonging to a group associated with the root term. The method also includes selecting one or more of the terms from the group and generating a concept based on the selected terms from the group, wherein the concept is applied to a rule that affects data management for one or more documents that satisfy the rule. In more specific embodiments, the root term is identified via a search or via an incident list. In other embodiments, a collection of meaningful terms is provided to assist in determining the other terms for the group, the collection of meaningful terms being generated based on the root term. The concept can be used to automatically mark one or more documents that relate to the concept.

Abstract: An image processing apparatus includes a determination unit configured to determine whether secret information that should not be transmitted to a web server is contained in an HTML file provided by a web server. A web browser does not transmit the secret information determined by the determination unit to the web server. A job control unit executes a device function using the secret information that is not transmitted to the web server according to determination by the determination unit.

Abstract: A method and system process a document having attached thereto a set of digital rights specifications, the digital rights specifications specifying constraints on the processing of the document. A workflow controller selects candidate devices, for processing the document, from a plurality of devices and determines, for each candidate device, that the device meets the digital rights specifications requirements. A set of devices are assigned to process the document from the set of devices that meet the digital rights specifications constraints. The workflow controller detects a failed device included in the assigned set of devices to process the document and determines potential candidate devices to replace the failed device. For each potential candidate device, it is determined if the potential candidate device meets the digital rights specifications requirements. A device that meets the digital rights specifications constraints is assigned to replace the failed device.

Abstract: Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application.

Abstract: Provided are an IC chip and a method of verifying data thereof. The present invention verifies integrity of data by comparing an integrity verifying value generated from data using an integrity verifying value generating algorithm before a write operation for storing data in a storing unit is performed and an integrity verifying value generated from data stored in the storing unit using the integrity verifying value generating algorithm after the write operation is completed. According to the present invention, the present invention can confirm whether data stored in the IC chip is normally stored when manufacturing/issuing the IC chip and whether data stored in the IC chip is normally stored during the IC chip is used.

Abstract: A computer-implemented method for clustering audio fingerprints from different set top boxes into groups based on their similarities is disclosed. The computer server receives audio fingerprints generated at different set top boxes and partitions them into multiple groups such that audio fingerprints within a group correspond to a respective TV program being played at the respective set top boxes. Upon receipt of an audio fingerprint from a set top box, the computer server identifies a group of audio fingerprints that are substantially similar to the audio fingerprint, determines TV program information for the audio fingerprint in accordance with the channel metadata associated with the identified group of audio fingerprints, and returns the TV program information to the requesting set top box.

Abstract: A computing device detects a command to perform a print screen operation. On detecting the command to perform the print screen operation, the computing device identifies a file associated with a displayed application window. The computing device determines whether the file contains confidential information. Upon determining that the file contains confidential information, the computing device performs an action to enforce a data loss prevention policy.

Abstract: A virtual machine on a physical host computer provides controlled access to protected data by creating and storing a “stored system fingerprint” from stable system values (SSVs) as existing when creating the stored system fingerprint. The SSVs include virtual-machine-specific values that change upon cloning the virtual machine (VM) but do not change upon migration of the VM. Upon a request for access to the protected data, a current system fingerprint is calculated from the SSVs as existing when processing the request, the current system fingerprint is compared to the stored system fingerprint to determine whether there is a predetermined degree of matching, and the requested access to the protected data is permitted only if there is the predetermined degree of matching.

Abstract: One embodiment of the present invention provides a system for tracing information leaks. The system introduces linguistic and syntactic changes to a document, and associates these changes with a user identifier, which facilitates identification of a user that may have leaked the document. During operation, the system receives a document. The system then determines a most similar original document based on the received document. The system determines difference between the most similar original document and the received document, and determines a user identifier based on the determined difference.

Abstract: A method and a system for protecting data, a storage device, and a storage device controller are provided. In the present method, when a host accesses data in the storage device, whether the host performs a play operation or a copy operation on the data is first determined. If the host performs the play operation on the data, the storage device continues to execute the play operation so as to allow the host to access the data. On the other hand, if the host performs the copy operation on the data, the storage device executes an interference procedure so as to prevent or retard the data from being copied into the host.

Abstract: A method and apparatus for provisioning a subscription product is disclosed. The method comprises receiving a request for a subscription product; retrieving a profile and at least one subscription associated with the profile, wherein the at least one subscription comprises a plurality of subscription details; validating the plurality of subscription details; retrieving product data for the subscription product based on the validated subscription details; determining a dominant subscription product when there are at least two subscriptions associated with the profile; and sending the product data for the dominant subscription product, wherein the product data enables activation of a product license.

Abstract: Partial access to electronic documents and aggregation for secure document distribution is disclosed. The embodiments herein relate to providing access to electronic documents and, more particularly, to providing access to portions of electronic documents and aggregating such portions in secure document distribution environment. Existing document distribution mechanisms do not provide means to access partial documents based on the attributes such as roles of the agents within an organization, location of access, time of access, device ID and so on. The disclosed method allows agents to access partial contents of documents based on the attributes. Meta data tags are attached to the documents in order to control the access of the documents by the defined attributes.

Abstract: Systems and methods are provided to enable secure remote activation and/or unlocking of content or other media assets protected using one or more copy protection mechanisms or techniques. Existing trusted processor architectures used by electronic devices (e.g., HD-DVD or Blu-Ray optical disc readers) can be used to allow remote activation and/or unlocking of protected content. An authorization server is configured to identify the specific copy of the protected content or other media assets at the device from the request, and determine the correct correlation between the request and information that enables the device to initiate playback of the protected content. Accordingly, the authorization server maintains secret or private on the authorization server the information that can be used by other parties to obtain a correlation between the request and any response received from the authorization server that enable the device to initiate playback of the protected content.

Abstract: Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a trusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer.

Abstract: A computing system selects a portion of data of an unknown work and detects each event in the portion of data of the unknown work. An event is a perceptual occurrence in a work successively positioned in time. The system determines an event metric between each successive event in the portion of data in the unknown work and generates a list of event metrics between the events for the unknown work. The system compares the list of event metrics for the unknown work to a list of event metrics for a known work and determines the unknown work is a copy of the known work responsive to a match between the list of event metrics of the unknown work and the list of event metrics for the known work.

Abstract: Systems and methods are described for applying digital rights management techniques to manage zones in electronic content. In one embodiment, zones are defined in a piece of electronic content, and a license is associated with the electronic content that indicates how the zones are to be accessed or otherwise used. A digital rights management engine governs access to or other use of the zoned content in accordance with the license.

Abstract: A method and system for identifying a source of a copied work that in one embodiment includes obtaining at least some portions of a reference work, collecting at least some portions of the suspect work, matching the suspect work with the reference work, wherein the matching includes temporally aligning one or more frames of the reference work and the suspect work, spatially aligning frames of the reference work and the suspect work, and detecting forensic marks in the suspect work by spatiotemporal matching with the reference work.

Abstract: Methods and systems for reporting information about users who obtain copyrighted media illegally using a network are provided. A particular copyrighted media from a source of copyrighted media may be associated with a user's computer. Copyright fees have not been paid for the particular copyrighted media. Information about the user of the computer is reported.

Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.

Abstract: A method and apparatus for storing and retrieving program material for subsequent replay is disclosed. The method comprises the steps of receiving a data stream comprising the program material encrypted according to a first (CW) encryption key, decrypting the program material; re-encrypting the program material according to a second encryption key, and storing the re-encrypted material in a media storage device. The program material is played back by retrieving the re-encrypted material from the media storage device and decrypting the re-encrypted program material. In one embodiment, the media storage device also stores the second encryption key which has been further encrypted by a key that is unique to the device used to receive the program material.

Abstract: Techniques for detecting a cloned virtual machine instance. A method includes transmitting an identifier associated a virtual machine from an agent embedded in the virtual machine akin to a malware to a detection entity in a network, determining whether the identifier is a unique identifier or whether the identifier is a clone of an identifier associated with a separate virtual machine in the network, and initiating at least one remedial action with the agent embedded in the virtual machine if the identifier is determined to be a clone of an identifier associated with a separate virtual machine in the network.

Abstract: A computer-implemented method for validating ownership of deduplicated data may include (1) identifying a request from a remote client to store a data object in a data store that already includes an instance of the data object, (2) in response to the request, verifying that the remote client possesses the data object by (i) issuing a randomized challenge to the remote client, the randomized challenge including a random value which, when combined with at least a portion of the data object, produces an authentication token demonstrating possession of the data object and, in response to the randomized challenge, (ii) receiving the authentication token from the remote client; and, in response to receiving the authentication token from the remote client, (3) storing the data object in the data store on behalf of the remote client. Various other methods and systems are also disclosed.

Abstract: A method and system are provided for counterfeit prevention for optical media. In one example, a system is provided for verifying authenticity information on an optical medium. The system receives the optical medium including a fingerprint having at least one probabilistic feature. A probabilistic feature is a physical feature having both a substantial chance to be read as a first value and a substantial chance to be read as a second value. The system receives an o-DNA signature-at-issuance. The system calculates an o-DNA signature-at-verification by reading each probabilistic feature plural times. The system calculates a vector-of-differences between the o-DNA signature-at-issuance and the o-DNA signature-at-verification. The vector-of-differences includes a maximum distance metric between the o-DNA signature-at-issuance and the o-DNA signature-at-verification. The vector-of-differences indicates the optical medium is authentic if the maximum distance metric is less than a threshold.

Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.

Abstract: According to the type of each of a plurality of external input interfaces, it is decided whether digital watermark information is to be detected from data entered via the external input interface. Digital watermark information is not detected from data entered via the external input interface and from which it has been decided not to detect any digital watermark information, but the data is recorded. Thus, there can be provided a data recording apparatus which is not applied with a any heavy load owing to the omission of any unnecessary detection of digital watermark information.

Abstract: A hosted web service is provided to enable the legitimate sharing and reselling digital music among subscribers to the web service by leveraging the teachings of the first sale doctrine of copyright law. By maintaining a single copy of properly purchased song within the system that can be only accessed by one subscriber at a time, the web service preserves the rights of the copyright holder of the digital music while encouraging a community sharing.

Abstract: The invention provides a secure and efficient resource management system and a corresponding method for managing resources of a product that is put on the market by a licensor via a distribution chain. In particular, the number of keys needed for managing said resources can be reduced. At the time that the product is released to the market the exact licensing conditions of the product need not be known yet. The licensing conditions and the associated configuration of resources of the product are managed via a second key which is provided to a licensee. The licensee, however, has no knowledge of the first key and the derivation function which generates said second key based on the first key. Therefore, it is ensured that the licensee cannot claim more resources of the product than the licensor allows.

Abstract: Whether a combination method defined in an output rule satisfies a combination condition of each content specified in a play list is judged in order of priority defined in a priority list. Based on the judgment result, the output rule is edited in such a manner that the combination condition of each content specified in the play list is satisfied. The resources of the combination target contents specified in the play list are combined in accordance with the combination method of the edited output rule.

Abstract: A method of checking whether a content aggregator's content matches a content owner's content involves generating a fingerprint of the content and looking for a matching fingerprint from the content owner through a service provided by the content owner. In one aspect, the fingerprints are generated from an intermediate digest of the content instead of the original form.

Abstract: Methods and systems for enabling content to be securely and conveniently distributed to authorized users are provided. More particularly, content is maintained in encrypted form on sending and receiving devices, and during transport. In addition, policies related to the use of, access to, and distribution of content can be enforced. Features are also provided for controlling the release of information related to users. The distribution and control of contents can be performed in association with a client application that presents content and that manages keys.

Abstract: Methods, apparatus, and articles of manufacture to encode auxiliary data into text data and methods, apparatus, and articles of manufacture to obtain encoded data from text data are disclosed. An example method to embed auxiliary data into text data includes selecting a portion of auxiliary data to be encoded into text data, mapping the portion of auxiliary data to a first set of one or more encoded characters representative of the portion of the auxiliary data, mapping a position of the portion of auxiliary data within the auxiliary data to a second set of one or more encoded characters representative of the portion of the auxiliary data, and generating encoded data by including the first set of encoded characters and the second set of encoded characters in the text data.

Abstract: Methods, apparatus, and articles of manufacture to encode auxiliary data into relational database keys and methods, apparatus, and articles of manufacture to obtain encoded data from relational database keys are disclosed. An example method to encode auxiliary data into relational data includes generating a code comprising a plurality of groups and representative of auxiliary data, determining incremental values for the plurality of groups, generating a first key based on the code, and generating a subsequent key by modifying the first key based on the value of the first key and the incremental values.

Abstract: A camera detector device for detecting the presence of an illegal camera inside a room. A camera takes multiple pictures of a room and identifies reflections in each still image. If a reflection with similar properties appears repeatedly overtime than the reflection is identified as an illegal camera positioned towards the camera detector device.

Abstract: Methods, apparatus, and articles of manufacture to encode auxiliary data into numeric data and methods, apparatus, and articles of manufacture to obtain encoded data from numeric data are disclosed. An example method to embed auxiliary information into numeric data includes assigning source data to one of a plurality of groups, the source data comprising a numeric value, identifying a symbol to be added to the source data based on an assigned group of the source data, and generating encoded data by selectively modifying the numeric value of the source data to be representative of the symbol.

Abstract: Devices, methods and instructions encoded on computer readable medium are provided herein for implementation of classification techniques in order to determine if an unknown executable file is malware. In accordance with one example method, an unknown executable file comprising a sequence of operation codes (opcodes) is received. Based on the operation codes of the unknown executable, a subset of executable files in a training set is identified in which each of the files in the subset have the same beginning sequence of operation codes as the unknown executable. After the subset is identified, a feature set extracted from the unknown executable file is compared to one or more feature sets extracted from each of executable files in the identified subset. A determination is made, based on the feature set comparison, whether the unknown executable file is malware.

Abstract: There are provided an apparatus and a method for privacy protection in association rule mining among data mining technologies. An apparatus for privacy protection in association rule mining according to an embodiment of the present invention comprises: a fake transaction inserter that generates fake transactions of a predetermined number each having a predetermined length and inserts the fake transactions between a plurality of transactions comprised in an original data set to generate a first virtual data set; and a distortion transaction generator that generates a second virtual data set by converting data of the transaction of the first virtual data set with a predetermined probability.

Abstract: A method for sharing and updating a key using a watermark is disclosed. The method includes receiving an image to be encoded from an image input device encoding the image, and inserting a master key value as a watermark into the encoded image, for use as an input of a key derivation function.

Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

Abstract: A computing system selects a portion of data of an unknown work and detects each event in the portion of data of the unknown work. An event is a perceptual occurrence in a work successively positioned in time. The system determines an event metric between each successive event in the portion of data in the unknown work and generates a list of event metrics between the events for the unknown work. The system compares the list of event metrics for the unknown work to a list of event metrics for a known work and determines the unknown work is a copy of the known work responsive to a match between the list of event metrics of the unknown work and the list of event metrics for the known work.

Abstract: Techniques are able to lock and unlock and integrated circuit (IC) based device by encrypting/decrypting a bus on the device. The bus may be a system bus for the IC, a bus within the IC, or an external input/output bus. A shared secret protocol is used between an IC designer and a fabrication facility building the IC. The IC at the fabrication facility scrambles the bus on the IC using an encryption key generated from unique identification data received from the IC designer. With the IC bus locked by the encryption key, only the IC designer may be able to determine and communicate the appropriate activation key required to unlock (e.g., unscramble) the bus and thus make the integrated circuit usable.

Abstract: Apparatus and methods for protected content access, browsing and transfer over a network. In one embodiment, the network comprises a premises (e.g., residential) LAN, and the apparatus comprises a server and renderer consumer premise equipment (CPE). The renderer CPE scans the network to search for a server CPE that implement a compatible security framework. The renderer authenticates itself with the server, and the server allows content browsing and selection access only to an authorized and authenticated renderer. A negotiation and exchange protocol comprises messages exchanged between the renderer and the server that include one or more of device identification, encryption key exchange, digital certificates and information regarding security package used by each CPE.

Abstract: Techniques for detecting a cloned virtual machine instance. A method includes transmitting an identifier associated a virtual machine from an agent embedded in the virtual machine akin to a malware to a detection entity in a network, determining whether the identifier is a unique identifier or whether the identifier is a clone of an identifier associated with a separate virtual machine in the network, and initiating at least one remedial action with the agent embedded in the virtual machine if the identifier is determined to be a clone of an identifier associated with a separate virtual machine in the network.